From 3f3337a662e9916bbf14502ef3b32dedaa7adfa4 Mon Sep 17 00:00:00 2001 From: Chia-chi Yeh Date: Fri, 17 Jun 2011 16:34:32 -0700 Subject: VPN: avoid leaking file descriptors. Change-Id: If70f5af3529d79bddb9d72675cf6eb038ff3ff70 --- core/res/AndroidManifest.xml | 2 ++ services/java/com/android/server/connectivity/Vpn.java | 14 +++++++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml index a8aff37..47902a8 100644 --- a/core/res/AndroidManifest.xml +++ b/core/res/AndroidManifest.xml @@ -91,6 +91,8 @@ + + diff --git a/services/java/com/android/server/connectivity/Vpn.java b/services/java/com/android/server/connectivity/Vpn.java index 035a667..47813f8 100644 --- a/services/java/com/android/server/connectivity/Vpn.java +++ b/services/java/com/android/server/connectivity/Vpn.java @@ -102,14 +102,22 @@ public class Vpn extends INetworkManagementEventObserver.Stub { /** * Protect a socket from routing changes by binding it to the given - * interface. The socket is NOT closed by this method. + * interface. The socket IS closed by this method. * * @param socket The socket to be bound. * @param name The name of the interface. */ public void protect(ParcelFileDescriptor socket, String name) { - mContext.enforceCallingPermission(VPN, "protect"); - nativeProtect(socket.getFd(), name); + try { + mContext.enforceCallingPermission(VPN, "protect"); + nativeProtect(socket.getFd(), name); + } finally { + try { + socket.close(); + } catch (Exception e) { + // ignore + } + } } /** -- cgit v1.1